Risk assessment is considered as being the basic element of the internal control and risk management system. IGD, with this in mind and in order to be equipped with tools that are more in line with the control and risk management needs required by its organisational complexity, status as listed company and business dynamics, defined and implemented an integrated risk management process, based on the internationally recognised standards in the field of Enterprise Risk Management (“ERM”). In line with the reference methodological standards, risk assessment is portrayed by means of four sub elements:
The Company verifies that the planning, implementation and monitoring activities of the internal control and risk management system are continuously in line with the Company’s strategic, financial, operational and compliance objectives.
The Risk Management Model adopted calls for the model itself to be continuously updated and developed by the Management, in order to ensure that it is in line with organisational and business evolution.
This activity, carried out in relation to the Enterprise Risk Management process, is supplemented by specific risk assessments which are carried out as part of specific control systems (internal auditing, control system on administrative-accounting procedures ex. L. 262/05).
The defined ERM model identifies and assesses, in its Risk Map, a risk area referring to “Fraud committed by Company personnel or by its stakeholders with effects on its assets and on its reputation”. The control measures defined, in particular with regard to administrative-accounting areas, finance and treasury management area and commercial and asset management, also take into account aspects regarding fraud risks.
As part of the defined internal control and risk management system, checks and updates regarding risk analysis and assessment are periodically planned and carried out, taking into account the strategies pursued and the organisational and business model adopted. Therefore, the Company promotes and carries out periodic activities to update its risk identification and assessment models (ERM system, Organisational, Management and Control Model ex Legislative Decree 231/01, administrative-accounting control system ex. L. 262/05) and to verify their consistency with its specific organisational and business features and with its corporate strategies.